Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/BOT5KFIXJpkIbzlxtuVva-pqcW8.roa
File:                     BOT5KFIXJpkIbzlxtuVva-pqcW8.roa (raw, json)
Hash identifier:          V0+HzlrzgNuQq4OTP8iqfYcbyGXd1T0uSkmpDamsFm0=
Subject key identifier:   04:E4:F9:28:52:17:26:99:08:6F:39:71:B6:E5:6F:6B:EA:6A:71:6F
Certificate issuer:       /CN=4fd642102ebdd7f2268c14c27e3ebbf26b4cafeb
Certificate serial:       019E78E83FA5EC357A2293AD0FE3E1C11109
Authority key identifier: 4F:D6:42:10:2E:BD:D7:F2:26:8C:14:C2:7E:3E:BB:F2:6B:4C:AF:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T9ZCEC691_ImjBTCfj678mtMr-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/BOT5KFIXJpkIbzlxtuVva-pqcW8.roa
Signing time:             Sat 30 May 2026 12:42:27 +0000
ROA not before:           Sat 30 May 2026 12:42:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        2a07:e000:10::/44 maxlen: 44
                          2a07:e000:100::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/T9ZCEC691_ImjBTCfj678mtMr-s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/T9ZCEC691_ImjBTCfj678mtMr-s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T9ZCEC691_ImjBTCfj678mtMr-s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:78:e8:3f:a5:ec:35:7a:22:93:ad:0f:e3:e1:c1:11:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fd642102ebdd7f2268c14c27e3ebbf26b4cafeb
        Validity
            Not Before: May 30 12:42:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=04e4f92852172699086f3971b6e56f6bea6a716f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:d2:ba:77:05:4c:7d:43:65:d1:27:40:42:7e:
                    da:e8:3d:14:3a:6c:af:95:84:b4:8b:74:43:c8:7d:
                    44:10:48:75:00:bb:06:33:2f:93:c6:5a:e3:f5:b5:
                    9a:43:7f:0f:25:b4:e3:7a:ec:bd:f6:01:33:9c:63:
                    97:22:2f:9f:ab:34:95:19:45:9a:80:04:f9:4e:b9:
                    a8:6f:02:98:37:bc:73:6c:a8:4b:97:d0:40:46:01:
                    21:b4:55:0c:06:80:1f:e1:99:cc:ac:f7:ad:a7:62:
                    82:54:d8:0d:3f:7f:86:7e:36:44:e9:2a:35:88:e8:
                    9b:c1:35:18:d1:cc:4d:c8:02:b7:e7:90:ba:e6:65:
                    08:b0:10:fb:9d:27:7c:20:cc:2e:78:e4:6c:c2:cb:
                    6b:10:7d:cb:82:1f:1c:c6:bd:91:5c:b4:a0:c1:4a:
                    29:03:a4:c7:47:37:be:71:cf:b5:3e:e5:90:36:2c:
                    b7:38:f9:3d:d0:3d:d0:02:12:f0:ad:1c:07:47:e0:
                    1d:39:0c:ac:f3:82:e8:c3:5f:e6:34:d3:21:27:57:
                    d5:35:6f:4b:5d:39:2e:f8:77:ad:e3:5e:6e:e5:d1:
                    c0:85:16:8b:06:95:88:99:81:b8:da:27:15:53:02:
                    b7:6e:53:a1:af:df:ab:5e:07:ed:50:96:55:54:80:
                    6e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:E4:F9:28:52:17:26:99:08:6F:39:71:B6:E5:6F:6B:EA:6A:71:6F
            X509v3 Authority Key Identifier:
                keyid:4F:D6:42:10:2E:BD:D7:F2:26:8C:14:C2:7E:3E:BB:F2:6B:4C:AF:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T9ZCEC691_ImjBTCfj678mtMr-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/BOT5KFIXJpkIbzlxtuVva-pqcW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/0c3b1f-dab8-4762-9d04-f941cc39a71e/1/T9ZCEC691_ImjBTCfj678mtMr-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:e000:10::/44
                  2a07:e000:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         56:2d:cd:d3:1c:71:43:cd:7a:fc:33:bb:7f:f7:45:aa:ee:49:
         05:da:db:1f:4c:a5:67:55:26:73:5a:32:fd:22:51:e6:84:0a:
         a2:bc:1a:39:27:59:e4:dc:ad:09:c3:3c:63:cf:72:03:fd:3e:
         83:a3:6f:ce:51:01:df:df:01:aa:c5:02:42:5e:31:51:92:6f:
         56:0e:a9:76:79:08:24:63:4f:36:89:57:8e:91:f0:6f:8e:e7:
         58:e5:ac:ab:f2:ac:f4:66:1f:bc:f9:49:13:60:de:85:1c:45:
         df:da:2a:ae:f7:c4:5b:98:d4:2a:9f:cc:90:72:d7:83:53:06:
         9f:ee:74:3c:3f:0a:1a:3b:73:fc:df:f8:0b:f3:da:10:e9:f4:
         1e:dd:5f:c7:25:65:4d:9a:94:91:7e:b0:13:62:54:bb:e7:08:
         fd:00:f0:cc:c4:4a:29:4b:4b:a0:00:de:31:0c:2d:df:34:02:
         e0:ab:97:7d:1a:ce:bc:41:42:24:a8:a0:d6:c0:fb:40:b6:60:
         b7:83:dd:0e:44:de:7a:9a:ad:29:da:c9:e7:fd:ef:87:0c:74:
         0a:6e:59:52:c8:84:2d:1c:3b:3c:19:c7:f2:72:10:73:8e:f3:
         13:28:e8:ac:cc:32:7f:b5:eb:4c:cd:4d:b1:be:2c:69:c4:07:
         aa:2b:28:12
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZ546D+l7DV6IpOtD+PhwREJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmZDY0MjEwMmViZGQ3ZjIyNjhjMTRjMjdlM2ViYmYyNmI0
Y2FmZWIwHhcNMjYwNTMwMTI0MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGU0ZjkyODUyMTcyNjk5MDg2ZjM5NzFiNmU1NmY2YmVhNmE3MTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4dK6dwVMfUNl0SdAQn7a6D0UOmyv
lYS0i3RDyH1EEEh1ALsGMy+Txlrj9bWaQ38PJbTjeuy99gEznGOXIi+fqzSVGUWa
gAT5TrmobwKYN7xzbKhLl9BARgEhtFUMBoAf4ZnMrPetp2KCVNgNP3+GfjZE6So1
iOibwTUY0cxNyAK355C65mUIsBD7nSd8IMwueORswstrEH3Lgh8cxr2RXLSgwUop
A6THRze+cc+1PuWQNiy3OPk90D3QAhLwrRwHR+AdOQys84Low1/mNNMhJ1fVNW9L
XTku+Het415u5dHAhRaLBpWImYG42icVUwK3blOhr9+rXgftUJZVVIBuBwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFATk+ShSFyaZCG85cbblb2vqanFvMB8GA1UdIwQY
MBaAFE/WQhAuvdfyJowUwn4+u/JrTK/rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDlaQ0VDNjkxX0ltakJUQ2ZqNjc4bXRNci1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8wYzNiMWYtZGFiOC00NzYyLTlkMDQt
Zjk0MWNjMzlhNzFlLzEvQk9UNUtGSVhKcGtJYnpseHR1VnZhLXBxY1c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8wYzNiMWYtZGFiOC00NzYyLTlkMDQtZjk0MWNjMzlhNzFl
LzEvVDlaQ0VDNjkxX0ltakJUQ2ZqNjc4bXRNci1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcEKgfgAAAQ
AwYAKgfgAAEwDQYJKoZIhvcNAQELBQADggEBAFYtzdMccUPNevwzu3/3RaruSQXa
2x9MpWdVJnNaMv0iUeaECqK8GjknWeTcrQnDPGPPcgP9PoOjb85RAd/fAarFAkJe
MVGSb1YOqXZ5CCRjTzaJV46R8G+O51jlrKvyrPRmH7z5SRNg3oUcRd/aKq73xFuY
1CqfzJBy14NTBp/udDw/Cho7c/zf+Avz2hDp9B7dX8clZU2alJF+sBNiVLvnCP0A
8MzESilLS6AA3jEMLd80AuCrl30azrxBQiSooNbA+0C2YLeD3Q5E3nqarSnayef9
74cMdApuWVLIhC0cOzwZx/JyEHOO8xMo6KzMMn+160zNTbG+LGnEB6orKBI=
-----END CERTIFICATE-----